| View previous topic :: View next topic |
| Author |
Message |
mr-simon
Guru
Joined: 22 Nov 2002
Posts: 364
Location: Leamington Spa, Warks, UK
|
 Posted: Thu Jun 16, 2005 2:58 pm Post subject: |
 |
|
| mr-simon wrote: | Question: The openafs guide recommends using the uss tool for adding and removing users. docs here - It doesn't appear to be part of the openafs package... Or at least it's not installed by the ebuild.
Where/how can I get it? |
Uh... To answer my own post:
You can get it by running | Code: | # ebuild /usr/local/portage/net-fs/openafs/openafs-1.3.82.ebuild compile
... output happens ...
# cp /var/tmp/portage/openafs-1.3.82/work/openafs-1.3.82/src/uss/uss /usr/afs/bin |
I guess this should be in the ebuild?
_________________
"Pokey, are you drunk on love?"
"Yes. Also whiskey. But mostly love... and whiskey." |
|
| Back to top |
|
 |
irondog
l33t
Joined: 07 Jul 2003
Posts: 715
Location: Voor mijn TV. Achter mijn pc.
|
| Posted: Fri Jun 17, 2005 8:08 am Post subject: |
|
|
New version of the Overlay tarball:
http://tienstra4.flatnet.tudelft.nl/~gerte/openafs-overlay-gerte-1.3.84.tar.gz
There is no need to upgrade from earlier versions, but it should be safe!
I need testers on SMP and x86_64 systems, please report results.
Changelog:
| Code: |
* Bumped from openafs 1.3.82 to 1.3.84
openafs-kernel ebuild:
* Changed keywords
* Determine SYSNAME in pkg_setup
* Make modprobe work, old behaviour is still supported
* Also Install kernel module in /lib/modules/`uname -r`/misc
openafs ebuild:
* Make use of toolchain-funcs eclass instead of gcc eclass
* Make use linux-info eclass instead of linux-mod eclass
* Changed keywords
* RESTRICT="nostrip" avoids annoying warnings
* Determine SYSNAME in pkg_setup
* Included /usr/afs/bin/uss
/etc/init.d/afs:
* Make RC-script use modprobe, old behaviour is still supported
/etc/conf.d/afs:
* Have RC script use modprobe by default, old behaviour as fallback
|
I've found some other changed ebuilds by Michael Hordijk on Bugzilla. These are not mine. I'll try to adopt the goods things he made, but I'm not so happy with the installation of many useless files. Some even collide with other packages. I'm not happy with the non-transarc defaults he uses either. Things should first become stable and well tested before exploiting it. Thanx anyway.
_________________
Alle dingen moeten onzin zijn. |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Fri Jun 24, 2005 2:26 pm Post subject: New setup, client works, but not for my situation [SOLVED] |
|
|
I just set up using your new overlay tarball. It built and starts just fine, but I have one suggestion, and one BIG problem.
Suggestion:
Add a file, "/etc/env.d/50afs" with contents: "PATH=/usr/afs/bin", adding the same for ROOTPATH is optional. This puts the afs utilities on the path, makes life easier. I notice that this is done for the regular ebuilds.
Problem:
I'm part of a BIG multi-cell company. Only problem, a bunch of these are symlinks, so we can get to cells by shortnames. So a cell of the form: "/afs/(site).(company).com" will typically have a second entry of the form: "/afs/(site)". At least, that's the way it looks on every other afs client I've ever used. The just-installed client for kernel 2.6 shows none of the short links. It becomes a problem because there is a LOT of use of symlinks, and a LOT of those link to the short form for a site, instead of the long form. For my new client install, ALL of those links are broken, because the short form doesn't exist. I could see cleaning up my own stuff to use the long form, but I don't own most of what I'm having problems with. I'm using the same CellServDB between clients running 2.4 and 2.6, as well as other OSs, but under 2.6 is the only place I don't have the short cell names. It looks to me like some aspect of client configuration automatically creates the names, but I don't know what it is, nor have I found anything in the FAQ or Wiki. A quick scan comparing your ebuilds with the regular one shows nothing obvious. A while back, a friend built OpenAFS for 2.6 on Gentoo, and didn't mention this problem, though I have no idea how thoroughly he tested.
The problem was DYNROOT=yes in the configuration file. Evidently all of those handy aliases are exported by the server, and DYNROOT tells the client to ignore the names exported, and build its own. I had thought that the client dynamically built the short names, but apparently they're built at the server.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
irondog
l33t
Joined: 07 Jul 2003
Posts: 715
Location: Voor mijn TV. Achter mijn pc.
|
| Posted: Sat Jun 25, 2005 11:38 am Post subject: |
|
|
Hm, maybe this should be set to default. I was also _missing_ it when switching from 2.4 to 2.6.
_________________
Alle dingen moeten onzin zijn. |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Sat Jun 25, 2005 4:48 pm Post subject: Suggestions... |
|
|
I guess I should be more helpful, and try to enumerate things better. I guess these are really changes from the stable ebuild, and some of them need to be brought forward to this ebuild.
1: No DYNROOT by default. (defaults to "no")
2: An entry for /etc/env.d to add afs binaries to the PATH
3: Standard place for afs binaries is "/usr/afsws", this ebuild places them in "/usr/afs". (more on this, next)
4: Rebuilding "findtools" (now that it has the +afs flag) fails, because it's expecting to find "/usr/afsws/lib/pam_afs.so.1". Not only is the "/usr/afsws" path part changed, but "lib" isn't there, and "pam_afs.so.1" is only in /lib/security.
To workaround these:
1: Change to DYNROOT=no, or just comment it out.
2: I made /etc/env.d/50afs with contents of PATH=/usr/afs/bin and ROOTPATH with the same.
3: I made a symlink from /usr/afs to /usr/afsws.
4: I made a new directory, /usr/afs/lib, and in that directory symlinked /lib/security/pam_afs.so.1 in.
Then I had really terrible performance after that. But that's because our site has some brain-dead networking that "works for Windows". Autonegotiation is turned off by default. Static IP workstations are configured to 100FD. Windows PCs think that they're autonegotiating, and somehow come up with 100FD. Linux tries to autonegotiate, and comes up with 100HD. I now have an mii-tool line in local.start to force the card to 100FD, since my old kernel parameters no longer work.
What's really annoying is that a call to support, and after some whining, they'll change your port to auto-negotiate. I absolutely NEED that for a laptop, for instance. But it ought to be default, IMHO.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
zecora
l33t
Joined: 17 Aug 2004
Posts: 627
Location: Minneapolis, MN
|
| Posted: Wed Jul 13, 2005 2:55 am Post subject: |
|
|
| Code: | | * Please upgrade your package (openafs-1.3.82) to use toolchain-funcs.eclass |
how do i update? |
|
| Back to top |
|
|
irondog
l33t
Joined: 07 Jul 2003
Posts: 715
Location: Voor mijn TV. Achter mijn pc.
|
| Posted: Wed Jul 13, 2005 7:53 am Post subject: |
|
|
That's fixed in the 1.3.84 ebuilds.
_________________
Alle dingen moeten onzin zijn. |
|
| Back to top |
|
|
zecora
l33t
Joined: 17 Aug 2004
Posts: 627
Location: Minneapolis, MN
|
| Posted: Wed Jul 13, 2005 12:41 pm Post subject: |
|
|
| So just get the newest ebuilds and i should be alright? |
|
| Back to top |
|
|
kappax
Apprentice
Joined: 30 Aug 2002
Posts: 273
Location: The Moon
|
| Posted: Thu Jul 14, 2005 9:41 am Post subject: |
|
|
Anybody know if there is a network file system that is not so much of a cluster, but tolorent for cached reads and writes ?
Such as Server A = webserver and Server B = fileserver If B goes down I would like to still make writes to the fileserver and have them populated back to the fileserver when it comes back up. And such reads form B wold work so long as A had cached them.
I don't want A to have to hold all of the files that B has, eg B is 6 tb of data *multy disk array* , A only has a 400gig dids.
_________________
My Box
glxgears - 4083.400 FPS
OS: GNU/Linux
Distro: Gentoo
kernel: 2.6.0-test9-mm2
----------------------
vi makes me :wq in word pad  |
|
| Back to top |
|
|
zecora
l33t
Joined: 17 Aug 2004
Posts: 627
Location: Minneapolis, MN
|
| Posted: Fri Jul 15, 2005 9:15 pm Post subject: |
|
|
| Code: |
>>> original instance of package unmerged safely.
* After installing a new kernel of any version, it is important
* that you have the appropriate /etc/modules.autoload.d/kernel-X.Y
* created (X.Y is the first 2 parts of your new kernel version)
* For example, this kernel will require:
* /etc/modules.autoload.d/kernel-2.6
* If you are upgrading from a previous kernel, you may be interested
* in the following documents:
* - General upgrade guide: http://www.gentoo.org/doc/en/kernel-upgrade.xml
* - 2.4 to 2.6 migration guide: http://www.gentoo.org/doc/en/migration-to-2.6.xml
* For more info on this patchset, and how to report problems, see:
* http://dev.gentoo.org/~dsd/genpatches
>>> Regenerating /etc/ld.so.cache...
>>> sys-kernel/gentoo-sources-2.6.12-r4 merged.
>>> clean: No packages selected for removal.
>>> emerge (132 of 149) net-fs/openafs-kernel-1.3.82 to /
>>> md5 files ;-) openafs-kernel-1.3.82.ebuild
>>> md5 files ;-) files/digest-openafs-kernel-1.3.82
>>> md5 src_uri ;-) openafs-1.3.82-src.tar.bz2
* OpenAFS might cause kernel OOps
* You have been warned!
* Determining the location of the kernel source code
* Found kernel source directory:
* /usr/src/linux
* Found sources for kernel version:
* 2.6.12-gentoo-r4
* getfilevar requires 2 variables, with the second a valid file.
* getfilevar <VARIABLE> <CONFIGFILE>
* Could not find a usable .config in the kernel source directory.
* Please ensure that /usr/src/linux points to a configured set of Linux sources.
* If you are using KBUILD_OUTPUT, please set the environment var so that
* it points to the necessary object directory so that it might find .config.
!!! ERROR: net-fs/openafs-kernel-1.3.82 failed.
!!! Function linux-info_pkg_setup, Line 521, Exitcode 1
!!! Unable to calculate Linux Kernel version
!!! If you need support, post the topmost build error, NOT this status message. |
what the hell? |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Sat Jul 16, 2005 1:32 am Post subject: |
|
|
Have you actually built the 2.6.12-r4 kernel yet?
Did you boot it when you tried to build OpenAFS?
Was the kernel source symlink correctly in place?
You might also want to get the newer 1.3.84 ebuild instead of the 1.3.82 one.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
adsmith
Veteran
Joined: 26 Sep 2004
Posts: 1386
Location: NC, USA
|
| Posted: Mon Jul 25, 2005 4:09 pm Post subject: |
|
|
I'd love to set this up, but I really do not want to muck around with my partitions.
Can the "partition" be a loopback device? |
|
| Back to top |
|
|
irondog
l33t
Joined: 07 Jul 2003
Posts: 715
Location: Voor mijn TV. Achter mijn pc.
|
| Posted: Tue Jul 26, 2005 11:11 am Post subject: |
|
|
Actually, yes. I tried it and it even worked for /vicepa. I don't recall the additional steps I did, but yes I've had it working.
_________________
Alle dingen moeten onzin zijn. |
|
| Back to top |
|
|
moja
n00b
Joined: 04 Feb 2005
Posts: 21
Location: Sweden
|
| Posted: Sun Jul 31, 2005 10:42 am Post subject: |
|
|
Is there a way to authenicate the user of the afs through kerberos and samba?
I have both the samba and unix users in a central openldap directory. I want to be able to get the afs token then I log in to the system, but I dont want to create all the users in the AFS userdatabase.
IS there a way to do this?  |
|
| Back to top |
|
|
jamiethehutt
n00b
Joined: 04 Oct 2004
Posts: 66
Location: Scotland!
|
| Posted: Sun Jul 31, 2005 1:41 pm Post subject: |
|
|
| Quote: | | * For servers a ext2 partition mounted on /vicepa is needed (yes, stop here if you haven't a spare partition) |
dd if=/dev/urandom of=/partition bs=1M count=1000
losetup /dev/loop0 /partition
mkfs -t ext2 /dev/loop0
mount /dev/loop0 /vicepa
I've not tested it but that should give you a 1GB partition. 
_________________
"Someday, he thought, it'll be mandatory that we all sell the McDonald's hamburger as well as buy it; we'll sell it back and forth to each other forever from our living rooms. That way we won't even have to go outside." - A Scanner Darkly By PK Dick |
|
| Back to top |
|
|
heini
n00b
Joined: 20 Sep 2002
Posts: 32
|
| Posted: Wed Aug 10, 2005 12:18 pm Post subject: Problem starting afsd |
|
|
Hi,
I tried the 1.3.85 ebuilds which are in portage now, but I have trouble starting afsd. I get the following error message:
| Code: | > /etc/init.d/afs start
* Starting AFS BOS server ... [ ok ]
* Starting AFS client ...
afsd: All AFS daemons started.
afsd: Can't mount AFS on /afs(22)
|
/afs does exist. I authenticate against MIT Kerberos, but I don't think this is an issue here. My kernel is 2.6.12.3.
Anybody seen this before?
Thanx...
Dirk |
|
| Back to top |
|
|
irondog
l33t
Joined: 07 Jul 2003
Posts: 715
Location: Voor mijn TV. Achter mijn pc.
|
| Posted: Wed Aug 10, 2005 4:10 pm Post subject: |
|
|
Yes, but I don't remember anymore how to solve it. I've written my ebuilds very carefully to avoid problems like this. And I can tell you this was one of the problems I found a solution for. Unfortunately the creator of the ebuilds in portage didn't use much of my work.
Building openAFS is not so tricky, but installing really is!
I added this in my ebuild's:
| Code: |
keepdir /usr/afs/db
keepdir /usr/afs/local
keepdir /usr/afs/logs
keepdir /usr/vice/cache
|
You might want to mkdir these directories and try again, but I can't give you any garantuee's this is the solution for your problem.
_________________
Alle dingen moeten onzin zijn. |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Wed Aug 10, 2005 4:46 pm Post subject: Re: Problem starting afsd |
|
|
| heini wrote: | Hi,
I tried the 1.3.85 ebuilds which are in portage now, but I have trouble starting afsd. I get the following error message:
| Code: | > /etc/init.d/afs start
* Starting AFS BOS server ... [ ok ]
* Starting AFS client ...
afsd: All AFS daemons started.
afsd: Can't mount AFS on /afs(22)
|
/afs does exist. I authenticate against MIT Kerberos, but I don't think this is an issue here. My kernel is 2.6.12.3.
Anybody seen this before?
Thanx...
Dirk |
I recently reinstalled a machine, and tried the 1.3.85 build, with disastrous results.
My suggestion: Install Irondog's 1.3.84 ebuild and get it running. I had to diddle a little with /usr/afs vs /usr/afsws and the location of pam_afs.so, but that was about it. Oh, I also had to turn dynroot off, for the way our enterprise is set up. But for one reasonably familiar with afs, it came up fairly easily.
Then decide if you want to move to the official 1.3.85 ebuild. First off, it doesn't look to me as if 1.3.85 is capable of a "cold" install. But it will upgrade a 1.3.84 install fairly readily, and that's how I got it running on the one machine where I use it. I had to add a CACHESIZE=(my cachesize) parameter to /etc/conf.d/afs, and for some odd reason had to create the /afs mount point. But now I have one machine running 1.3.84 and one running 1.3.85.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
heini
n00b
Joined: 20 Sep 2002
Posts: 32
|
| Posted: Thu Aug 11, 2005 11:23 am Post subject: |
|
|
First, thanks for the answers.
Meanwhile I've come a little bit further: I did a fresh install of the 1.3.85 ebuild after removing every trace of openafs from my machine (did some attempts earlier with 1.3.[67]x).
I'm now at the point that afs is starting up normally, but
| Code: | => fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs' |
I obtained kerberos ticket and afs token and the user is in system:administrators.
Has anybody seen/solved this?
Bye...
Dirk |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Thu Aug 11, 2005 4:49 pm Post subject: |
|
|
| heini wrote: | First, thanks for the answers.
Meanwhile I've come a little bit further: I did a fresh install of the 1.3.85 ebuild after removing every trace of openafs from my machine (did some attempts earlier with 1.3.[67]x).
I'm now at the point that afs is starting up normally, but
| Code: | => fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs' |
I obtained kerberos ticket and afs token and the user is in system:administrators.
Has anybody seen/solved this?
Bye...
Dirk |
What does "fs la /afs" say?
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
heini
n00b
Joined: 20 Sep 2002
Posts: 32
|
| Posted: Fri Aug 12, 2005 6:20 am Post subject: |
|
|
| heini wrote: | First, thanks for the answers.
Meanwhile I've come a little bit further: I did a fresh install of the 1.3.85 ebuild after removing every trace of openafs from my machine (did some attempts earlier with 1.3.[67]x).
I'm now at the point that afs is starting up normally, but
| Code: | => fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs' |
I obtained kerberos ticket and afs token and the user is in system:administrators.
|
I was able to solve it myself. Since I use MIT Kerberos 5, I needed to take special care to setup /etc/openafs/server/KeyFile correctly, using asetkey from the afs-krb5 migration kit. So I started again, compiled asetkey before I did anything else, then followed the steps in http://www.seismo.ethz.ch/linux/afs/node6.html and everything is working fine now.
Maybe I'll put together just another HOWTO.
Bye...
Dirk |
|
| Back to top |
|
|
baloo12
n00b
Joined: 15 May 2005
Posts: 5
Location: Zurich
|
| Posted: Mon Aug 15, 2005 1:06 pm Post subject: Am I blind or something?! missing files in /etc/openafs? |
|
|
I used your afs-install-methode on an other server before..
It was perfect.. but know someting strange is going on..
When I start /etc/init.d/afs, there are several error messages/warnings about missing files in /etc/openafs..
| Code: |
/etc/init.d/afs start
* Starting AFS client ...
/etc/init.d/afs: line 12: [: -lt: unary operator expected
/etc/init.d/afs: line 14: [: -lt: unary operator expected
/etc/init.d/afs: line 16: [: -lt: unary operator expected
/etc/init.d/afs: line 18: [: -lt: unary operator expected
afsd: some file missing or bad in /etc/openafs
|
I created a testwise /etc/openafs/ with a ThisCell and a CellServDB (with appropriate content)
after that, it was asking for a the cacheinfo file:
| Code: |
* Starting AFS client ...
/etc/init.d/afs: line 12: [: -lt: unary operator expected
/etc/init.d/afs: line 14: [: -lt: unary operator expected
/etc/init.d/afs: line 16: [: -lt: unary operator expected
/etc/init.d/afs: line 18: [: -lt: unary operator expected
ParseCacheInfoFile: Can't read cache info file '/etc/openafs/cacheinfo'
|
I don't know its content.. so..
I didn't need to modify any files (except ThisCell/CellServDB) last time..?!
any ideas? |
|
| Back to top |
|
|
depontius
Advocate
Joined: 05 May 2004
Posts: 3406
|
| Posted: Mon Aug 15, 2005 1:30 pm Post subject: Re: Am I blind or something?! missing files in /etc/openafs? |
|
|
| baloo12 wrote: | I used your afs-install-methode on an other server before..
It was perfect.. but know someting strange is going on..
When I start /etc/init.d/afs, there are several error messages/warnings about missing files in /etc/openafs..
| Code: |
/etc/init.d/afs start
* Starting AFS client ...
/etc/init.d/afs: line 12: [: -lt: unary operator expected
/etc/init.d/afs: line 14: [: -lt: unary operator expected
/etc/init.d/afs: line 16: [: -lt: unary operator expected
/etc/init.d/afs: line 18: [: -lt: unary operator expected
afsd: some file missing or bad in /etc/openafs
|
I created a testwise /etc/openafs/ with a ThisCell and a CellServDB (with appropriate content)
after that, it was asking for a the cacheinfo file:
| Code: |
* Starting AFS client ...
/etc/init.d/afs: line 12: [: -lt: unary operator expected
/etc/init.d/afs: line 14: [: -lt: unary operator expected
/etc/init.d/afs: line 16: [: -lt: unary operator expected
/etc/init.d/afs: line 18: [: -lt: unary operator expected
ParseCacheInfoFile: Can't read cache info file '/etc/openafs/cacheinfo'
|
I don't know its content.. so..
I didn't need to modify any files (except ThisCell/CellServDB) last time..?!
any ideas? |
/etc/conf.d/afs needs a "CACHESIZE=nnn" parameter tacked onto the end, or at least mine did. I'm in a sort of discussion with the author of the 1.3.85 ebuild about installation. Actually he's responded to my bug report, and I owe him a reply.
_________________
.sigs waste space and bandwidth |
|
| Back to top |
|
|
@zr@el
n00b
Joined: 11 May 2005
Posts: 4
|
| Posted: Tue Aug 16, 2005 8:03 am Post subject: |
|
|
First I want to thank you for your guide, irondog.
I'm studying computer science and we decided to use OpenAFS for our student's /home directories in my university; of course under Gentoo.
Based on your guide, we were able to build a gentoo-openafs-server, which was fully functional. ( /afs tree, gettting access from the clients, etc. ...)
However we aren't able to use the "afs-homedirectories" because graphical login managers, like gdm / kdm, aren't able to write on users home directories.
Graphical login managers want to write .dotfiles and other config-files in the users home directory, but they have no permission to write on the home directory, because of the ACLs defined on the users home directory and the lack of authentication of user 'root'.
The only way described in various documents (google search), was to allow write access for the group system:anyuser on a special public folder under the home directory and make symbolic links in the users home directory pointing to the writeable files in the public directory. But this solution isn't very comfortable and seems more like a 'hack' then a real solution.
Anybody got an idea to solve this problem? |
|
| Back to top |
|
|
heini
n00b
Joined: 20 Sep 2002
Posts: 32
|
| Posted: Tue Aug 16, 2005 8:18 am Post subject: |
|
|
| @zr@el wrote: | However we aren't able to use the "afs-homedirectories" because graphical login managers, like gdm / kdm, aren't able to write on users home directories.
Graphical login managers want to write .dotfiles and other config-files in the users home directory, but they have no permission to write on the home directory, because of the ACLs defined on the users home directory and the lack of authentication of user 'root'.
Anybody got an idea to solve this problem? |
First, you need a pam module which gets AFS tokens at login time. I use pam_openafs_session (Note: I use MIT Kerberos V for authentification, so you may need another one), but this is not in portage, you have to get and compile it yourself (Google).
However, the README of this module said that the only Display Manager that would work with it was wdm. So I emerged it, changed DISPLAYMANAGER in /etc/rc.conf from kdm to wdm and everything worked fine.
HTH...
Dirk |
|
| Back to top |
|
|
|
Documentation, Tips & Tricks
